GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,123 advisories

Downloads Resources over HTTP in libxl High
CVE-2016-10585 was published for libxl (npm) Feb 18, 2019
Downloads Resources over HTTP in iedriver High
CVE-2016-10562 was published for iedriver (npm) Feb 18, 2019
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
Downloads Resources over HTTP in node-thulac High
CVE-2016-10640 was published for node-thulac (npm) Feb 18, 2019
Cross-Site Scripting in handlebars Moderate
CVE-2015-8861 was published for handlebars (npm) Oct 23, 2018
Moderate severity vulnerability that affects is-my-json-valid Moderate
GHSA-ccq6-3qx5-vmqx was published for is-my-json-valid (npm) Jul 31, 2018 withdrawn
Missing Origin Validation in webpack-dev-server High
CVE-2018-14732 was published for webpack-dev-server (npm) Jan 4, 2019
NikoRaisanen
High severity vulnerability that affects gun High
GHSA-886v-mm6p-4m66 was published for gun (npm) Jun 5, 2019
JK0N
SQL Injection in waterline-sequel High
CVE-2016-10551 was published for waterline-sequel (npm) Feb 18, 2019
Downloads Resources over HTTP in haxe-dev High
CVE-2016-10637 was published for haxe-dev (npm) Feb 18, 2019
Arbitrary Code Injection in pouchdb Critical
CVE-2016-10546 was published for pouchdb (npm) Jul 26, 2018
Downloads Resources over HTTP in grunt-ccompiler High
CVE-2016-10636 was published for grunt-ccompiler (npm) Feb 18, 2019
SQL Injection in sequelize High
CVE-2016-10550 was published for sequelize (npm) Feb 18, 2019
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
Sensitive Data Exposure in parse-server Moderate
CVE-2019-1020013 was published for parse-server (npm) Jul 11, 2019
fastrde acinader
Timing Attack in csrf-lite High
CVE-2016-10535 was published for csrf-lite (npm) Feb 18, 2019
SQL Injection in query-mysql High
CVE-2018-3754 was published for query-mysql (npm) Sep 10, 2018
Downloads Resources over HTTP in node-bsdiff-android High
CVE-2016-10641 was published for node-bsdiff-android (npm) Sep 18, 2018
VBScript Content Injection in marked Moderate
CVE-2015-1370 was published for marked (npm) Oct 24, 2017
Directory Traversal in bitty Moderate
CVE-2016-10561 was published for bitty (npm) Feb 18, 2019
Moderate severity vulnerability that affects marked Moderate
CVE-2017-17461 was published for marked (npm) Jan 4, 2018 withdrawn
Downloads Resources over HTTP in prince High
CVE-2016-10591 was published for prince (npm) Feb 18, 2019
Downloads Resources over HTTP in haxeshim High
CVE-2016-10692 was published for haxeshim (npm) Jul 31, 2018
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Downloads Resources over HTTP in geoip-lite-country High
CVE-2016-10568 was published for geoip-lite-country (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API